Vulnerability DatabaseCVE-2026-32062
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-32062
March 11, 2026
OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
Affected Packages
@openclaw/voice-call (NPM):
Affected version(s) >=2026.1.29 <2026.2.22
Fix Suggestion:
Update to version 2026.2.22
openclaw (NPM):
Affected version(s) >=0.0.1 <2026.2.22
Fix Suggestion:
Update to version 2026.2.22
Related Resources (5)
https://github.com/openclaw/openclaw/commit/1d8968c8a821ff1a05c294a1846b3bcb6f343794
https://github.com/openclaw/openclaw/security/advisories/GHSA-mfg5-7q5g-f37j
https://www.vulncheck.com/advisories/openclaw-unauthenticated-websocket-resource-exhaustion-via-media-stream
https://nvd.nist.gov/vuln/detail/CVE-2026-32062
https://github.com/openclaw/openclaw
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Allocation of Resources Without Limits or Throttling
CWE-770
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
0.13